In recent years, data on attributes and behavior of individuals (personal data) and confidential data on organizations such as corporations have become more important with the progress and proliferation of technologies on computers and networks. Performing operations or analysis on personal data or confidential data and using them permits acquiring of an unprecedented new knowledge and realizing of a novel function.
On the other hand, it has been pointed out that there is a risk of invading personal privacy or a secrecy of an organization by using personal data or confidential data. Thus, securing technologies that permit using of personal data or confidential data that remains protected have been attracting attention.
A homomorphic encryption technology is known as a securing technology that uses a cryptographic technology. The homomorphic encryption technology is one of the public key encryption methods in which a pair of different keys is used for encryption and decryption, and has a function that permits a data operation in a state in which the data remains encrypted. According to the homomorphic encryption technology, when performing, on two or more encrypted texts, an operation that corresponds to an addition or multiplication, an encrypted text for a result of an operation of adding or multiplying the original plain texts can be obtained without decrypting the encrypted texts.
As a homomorphic encryption technology, a fully homomorphic encryption scheme has been proposed that permits addition and multiplication to be performed any number of times (see, for example, Non Patent Document 1). The fully homomorphic encryption permits a realization of operations such as Exclusive OR, AND, and NOT, so operations by any logic circuit can be realized without decrypting encrypted texts. However, the fully homomorphic encryption is not practical in terms of performance at present because it takes much processing time for encryption, decryption, and secured operation and a size of cryptographic data becomes large.
Accordingly, a somewhat homomorphic encryption scheme has been proposed that is more practical in terms of performance (see, for example, Non Patent Documents 2 and 3). According to the somewhat homomorphic encryption, more rapid processing can be realized, although there are restrictions such as to the number of multiplications.
For a secured distance calculation using a homomorphic encryption, a cryptographic processing device that permits a reduction in both a size of encrypted vector data and a time for the secured distance calculation is also known (see, for example, Patent Document 1 and Non Patent Document 4). This cryptographic processing device obtains a first polynomial from a first vector by use of a first transform polynomial and a second polynomial from a second vector by use of a second transform polynomial. Then, the cryptographic processing device obtains a first weight that relates to a secured distance of the first vector and a second weight that relates to a secured distance of the second vector.
Next, the cryptographic processing device encrypts each of the first polynomial, the second polynomial, the first weight, and the second weight using a homomorphic encryption, so as to obtain a first encrypted polynomial, a second encrypted polynomial, a first encrypted weight, and a second encrypted weight. Then, the cryptographic processing device obtains an encrypted secured distance that corresponds to an encryption of a secured distance between the first vector and the second vector from the first encrypted polynomial, the second encrypted polynomial, the first encrypted weight, and the second encrypted weight.
Patent Document 1: Japanese Laid-open Patent Publication No. 2014-126865
Non Patent Document 1: C. Gentry, “Fully Homomorphic Encryption Using Ideal Lattices”, STOC 2009, pp. 169-178, 2009.
Non Patent Document 2: C. Gentry and S. Halevi, “Implementing Gentry's Fully Homomorphic Encryption Scheme”, EUROCRYPT 2011, LNCS 6632, pp. 129-148, 2011.
Non Patent Document 3: K. Lauter, M. Naehrig and V. Vaikuntanathan, “Can Homomorphic Encryption be Practical?”, CCSW 2011, pp. 113-124, 2011.
Non Patent Document 4: Yasuda, Shimoyama, Yokoyama and Kogure, “A customer information analysis between enterprises using homomorphic encryption”, The 12th Forum on Information Technology (FIT 2013), The 4th volume pp. 15-22, 2013.